Hi,
This patchset updates include path logic of nftables:
Patch #1 adds -f/--filename base directory as implicit include path,
so users do not need to add a redundant -I/--includepath
such as:
# nft -I /path/to/files -f /path/to/files/ruleset.nft
Patch #2 searches for default include path last so users have a way
to override the default include path either via -I/--includepath
or the implicit include path added by Patch #1
For instance, assuming you have:
# cat /path/to/files/ruleset.nft
include "file1.nft"
include "file2.nft"
# ls /path/to/files/
file1.nft file2.nft
then, make a copy of the ruleset:
# mkdir update
# cp -r /path/to/files/* update
# vim update/file1.nft
...
file edit goes here
...
# nft -f copy/ruleset.nft
Comments welcome, thanks.
Pablo Neira Ayuso (2):
libnftables: add base directory of -f/--filename to include path
libnftables: search for default include path last
doc/nft.txt | 2 ++
src/libnftables.c | 19 +++++++++++++-
src/scanner.l | 63 ++++++++++++++++++++++++++++++-----------------
3 files changed, 61 insertions(+), 23 deletions(-)
--
2.30.2
